In what is being hailed as the first lawsuit under the Act, in March the operator of the home improvement website, BobVila.com, and its third party e-mail marketing company were sued in federal court in California for alleged violations of the Act. This suit should serve as a wake-up call to businesses of the pitfalls of e-mail marketing and the need to comply with the Act.
Scope of the Act
The overall focus of the Act is to prevent misleading commercial e-mail messages and to allow e-mail recipients the opportunity to opt out from receiving unsolicited commercial e-mail messages. Compliance with the Act is relatively straightforward. Unless an unsolicited commercial e-mail message falls into one of the exception categories (described below), the commercial e-mail notice and opt-out requirements of the Act will apply to the sending of that e-mail message.
For e-mails that constitute unsolicited commercial e-mail and that are not within one of the exception categories, the following must be done to comply with the Act:
1) There must be included in the body of the e-mail a mechanism for the recipient to unsubscribe to such messages over the Internet, which link or mechanism must be effective for at least 30 days after the original message was sent.
2) If someone chooses to opt out and wishes to unsubscribe to future commercial e-mail messages from the sender, the request to opt out must be honored within 10 days.
3) The sender of the e-mail must include a valid postal mailing address somewhere within the body of the e-mail.
4) The commercial e-mail must contain an accurate and correct sender name, a valid return e-mail address and other e-mail header information that is not materially false or misleading as to origin. (This requirement also applies to so-called transactional or relationship messages, which are described below.)
5) The subject line of the e-mail must accurately describe the content of the e-mail.
6) Somewhere within the body of the e-mail or in the subject line, the message must contain a clear and conspicuous identification that the message is an advertisement or solicitation.
The sender of the e-mail may not use any e-mail address (i) obtained through automated means if the address was obtained from a website or online service that does not provide e-mail addresses it maintains to others, or (ii) obtained through an automated e-mail address generation program.
8) If the originator of the e-mail uses a third party to assist with e-mails (such as a marketing company), the originator should confirm that the third party complies with the Act for e-mails sent on behalf of the originator.
E-mail messages that are excepted from most of the compliance requirements of the Act (except, most notably, item 4 above) are the following: (i) e-mail that is sent to a recipient pursuant to prior affirmative consent from such recipient to receive the particular message, or (ii) e-mail whose primary purpose is to facilitate, complete or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender; e-mail to provide product warranty, recall, safety or security information; e-mail dealing with an existing subscription, membership, account, loan or comparable ongoing commercial relationship involving ongoing purchase or use of products or services and which e-mail addresses a change in terms, features, account status or account information; e-mail relating to an employment relationship or related benefit plan in which the recipient is already involved, participating or enrolled; or e-mail relating to delivery of goods or services (including product updates or upgrades) that the recipient is entitled to receive under the terms of a transaction entered into with the sender (any of the foregoing in this subitem (ii) are called a “transactional or relationship message”).
Enforcement and Penalties
Enforcement of the Act is reserved to the Federal Trade Commission (or the applicable regulatory authority in the case of a regulated business entity, such as a bank or an insurance company), state attorneys general and Internet service providers who are affected by a violation of the Act. There is no right of a recipient of an unauthorized e-mail to file suit. The Act contains both civil and criminal penalties for violations (criminal penalties are not discussed in this summary). Civil remedies include injunctive relief, monetary penalties of up to $250 for each wrongful e-mail (with violations of most provisions capped at up to $2 million) and recovery of costs of the action and attorney fees. The Act specifically allows for enhancement of penalties (for example, based on intentional violations) and reduction of penalties (for example, based on good faith attempts to comply).
Impact on State Laws
More than half the states have laws that regulate e-mail in varying ways. One of the purposes of the Act was to create more predictability in e-mail legal compliance. Towards that end, the Act preempts state laws that expressly regulate the use of e-mail to send commercial messages, except to the extent that any such state laws prohibit falsity or deception in commercial e-mail messages. While this language appears very broad, the scope of the Act’s preemption of state laws remains to be interpreted and clarified.
The Federal Trade Commission is in the process of evaluating the need for additional regulations to clarify and implement aspects of the Act and obtaining comments on suggested regulations. Therefore, while the foregoing is a summary of what is required as of this date, please be aware that compliance requirements will likely change, at least to some extent, in the near future.
The foregoing is only a brief summary of most of the major provisions of the CAN-SPAM Act. If you have any questions or would like additional information concerning the CAN-SPAM Act, please contact Brett Lockwood in our Atlanta office (404-815-3674; firstname.lastname@example.org) or Todd Whitcomb (904-598-6113; email@example.com) in our Jacksonville office.
Contact: Brett Lockwood